It is possible to log in with my Yahoo OpenID (which is tied to my Yahoo e-mail account), and then create a new unregistered user with the same e-mail address, so that both accounts are connected to the same e-mail. Why is that allowed? Shouldn't Stack Overflow have some sort of e-mail confirmation?

@Omu do you have the "E-Mail" field filled twice with the same address?
–
PëkkaSep 8 '11 at 13:56

@Straitjacket not really, that question is about having many accounts, this is about having many with same e-mail, notice the difference
–
OmuSep 8 '11 at 13:56

1

@Pekka no, I login with yahoo but I can also login with gmail, and it's the same account, for these 2, my yahoo and gmail are merged into one, so when I login with yahoo I have the gmail email in use, I kinda get it now
–
OmuSep 8 '11 at 13:58

1 Answer
1

Your e-mail isn't the key to your account. Your OpenID endpoint name is the key, and those are unique for your accounts. The e-mail address is irrelevant, and does not need to be confirmed, because it was confirmed separately by your openID provider.

the thing is that you can use another email which wasn't confirmed by the openid provider, I do understand now that in the case when the users is not using openid but registers he is confirming his email and gets an unique SE openid anyway
–
OmuSep 8 '11 at 14:02

Hasn't the recent change to the login system made email more important? As I understand it, if you have any email address associated with your account, you can login using any trusted OpenID that is associated with that email (facebook, gmail, stack exchange) even if you haven't previously associated it with your account.
–
Jeremy BanksSep 8 '11 at 14:22